[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH RFC for-4.13 04/10] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest


  • To: Julien Grall <julien.grall@xxxxxxx>
  • From: Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Date: Fri, 27 Sep 2019 17:58:56 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LbPb4MIGZy9qaOjR8oKxVeoyFKC3qpU93XFr0UOnkN8=; b=PlbYtGg+Zc5/0vfTIZOgI+B8RQc0t2Q2Gon88H0zE7C7GULZcZoCixdotJQDcLS0/JNelRoIVYdG2MGmf5N/Sfzwu0IHWk1njwBk+RD1OoL5R5WnQjnfCv8bJrm5JPbTcw988QJ9629UhPHQiyB0mbLpf+4ZCmMq8KghkgPa9MOBHDgbSdZOBktpTObWHISQlUToDmYe+z8RoaBHzuCD+CCSqdBQYCLTBikYr9Hx/9JfsNYQ3hVuU76bsp789QeRWwZ1KGAyTE7h6HVBUW+sYJc+DQK3/Ts/xN5fMfA+ni7AvI4dAeUYzXknJS2CmKzZyyGzflwMimPhlFyoNRRX+A==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=XO6jwYk1CbU60u8czINVg1nR6ALIxkE/Q7Tmv9QfBK8ORYrm+N3ZEqaZ8xoWMmeqUhOjXcpd6Fv8QI/6TEO1XED0M7evBJHtJhgtDQVfPufsTPuK9yIAiSCfG7ylUuzdn2oug0dyekJb+9jjdkXtDbHQfHGNSO0L4ecIeiIM0zNmVN9ZHy+6inzAnZwd1wjwWi7gPv7HqtRs9nsWGQqom4bySesX/G75sD9NjK4rKliGJ4YH4EJPHShkhRc+ZuPeweKxNKsK4WITzvJYtd3X/jMYSuLhVtkG6ZUGA7tz/K7vv520HzIFh3mI3ufUZK8NT50YxNB9P+Bw6xR5dPo7fQ==
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=Volodymyr_Babchuk@xxxxxxxx;
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Andrii Anisov <Andrii_Anisov@xxxxxxxx>, Andre Przywara <andre.przywara@xxxxxxx>, "andrii.anisov@xxxxxxxxx" <andrii.anisov@xxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>
  • Delivery-date: Fri, 27 Sep 2019 17:59:08 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHVdJmSz7FwOb+ZL0aIExPYLyfVU6c/a/SAgAAHRoCAAATGAIAACkYAgAAExICAAAqUgIAAAuAAgAAiYACAABpkAA==
  • Thread-topic: [PATCH RFC for-4.13 04/10] xen/arm: Ensure the SSBD workaround is re-enabled right after exiting a guest

Julien Grall writes:

> Hi,
>
> On 27/09/2019 15:21, Volodymyr Babchuk wrote:
>>
>> Julien Grall writes:
>>
>>> On 27/09/2019 14:33, Volodymyr Babchuk wrote:
>>>> Julien Grall writes:
>>>>> On 27/09/2019 13:39, Volodymyr Babchuk wrote:
>>>>>> Julien Grall writes:
>>>>>>> On 27/09/2019 12:56, Volodymyr Babchuk wrote:
>>>>>>>> Julien Grall writes:
>>>>>> Or maybe, we should not split the function at all? Instead, we enable
>>>>>> interrupts right in the middle of it.
>>>>>
>>>>> I thought about this but I didn't much like the resulting code.
>>>>>
>>>>> The instruction to unmask interrupts requires to take an immediate
>>>>> (indicates which interrupts to unmask). As not all the traps require
>>>>> to unmask the same interrupts, we would end up to have to a bunch of
>>>>> if in the code to select the right unmasking.
>>>> Ah, yes, this is the problem. We can provide callback to
>>>> enter_hypervisor_from_guest().
>>>
>>> I am not sure what you mean by this. Do you mean a callback that will
>>> unmask the interrupts?
>> Yes. You can pass function pointer to enter_hypervisor_from_guest(). To
>> a function, that will unmask the interrupts. I'm sure that guest_vector
>> macro can generate it for you. Something like this:
>>
>>          .macro  guest_vector compat, iflags, trap, save_x0_x1=1
>>          entry   hyp=0, compat=\compat, save_x0_x1=\save_x0_x1
>>          /*
>>           * The vSError will be checked while 
>> SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT
>>           * is not set. If a vSError took place, the initial exception will 
>> be
>>           * skipped. Exit ASAP
>>           */
>>          ALTERNATIVE("bl check_pending_vserror; cbnz x0, 1f",
>>                      "nop; nop",
>>                      SKIP_SYNCHRONIZE_SERROR_ENTRY_EXIT)
>>          ldr     x0, =1f
>>          bl      enter_hypervisor_from_guest
>>          mov     x0, sp
>>          bl      do_trap_\trap
>>          b       1f
>> 2:
>>          msr     daifclr, \iflags
>>          ret
>> 1:
>>          exit    hyp=0, compat=\compat
>>          .endm
>
> TBH, I don't see what's the point you are trying to make here. Yes,
> there are many way to write a code and possibility to make one
> function. You could also create a skeleton macro for
> enter_hypervisor_from_guest and generate N of them (one per set of
> unmask interrupts) and call them.
>
> But are they really worth it?
The point is that you are trying to split one entity into two.
As I see it: semantically we have one function:
enter_hypervisor_from_guest(). The purpose of this function is clear:
finish transition from guest mode to hypervisor mode.

But because of some architectural limitation (daifclr requires only
immediate argument) you are forced to divide this function in two.
I don't like this, because entry path now is more complex. To follow
what is going you need to bounce between head.S and traps.c one extra time.

Anyways, this is only my opinion. I'm not forcing you to implement
enter_hypervisor_from_guest() in this way.

I'm okay with enter_hypervisor_from_guest_preirq() as well.

-- 
Volodymyr Babchuk at EPAM
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.